[pve-devel] [PATCH common v3 1/1] json schema/rest environment: add 'expose_credentials' option
Dominik Csapak
d.csapak at proxmox.com
Fri Nov 14 16:10:02 CET 2025
On 11/14/25 4:03 PM, Thomas Lamprecht wrote:
> Am 14.11.25 um 15:42 schrieb Dominik Csapak:
>> this is used to mark api calls to have access to the credentials
>> of the connection (token/ticket/etc.).
>>
>> For that we also expose a 'set/get_credentials' call on the
>> RESTEnvironment.
>>
>> This must be set in the http/cli handler.
>>
>
> Many thanks for fleshing this out!
>
> Some generic workflow thing:
> Not that I have a need for my name to turn up even more in git log, I'd
> strongly recommend to add trailers like co-authored or originally-by when
> taking over such code/ideas. Partially its to pay credits, but more
> importantly (at least for me) it's to know the ones that where involved
> with coming up with this, and thus one can, e.g., ask about and
> potentially also know about the original/other use cases, and these
> reference, while not very often needed, can be worth a lot once they
> are needed.
>
> Depending on the changes it doesn't have to be a trailer, one might also
> include a link to e.g. the mailing list discussion or a simple "this was
> suggested by ... as they wanted to have it for ...".
> Not a big thing (especially not for me for this specific case ;)), I
> just would like us all to pay a bit more attention to these details, it
> gets more relevant the more devs we become.
yes of course, sorry.
I actually thought to myself that i have to add that in the commit
message, but the time between that thought and actually writing
the commit message was obviously too long, so i simply forgot^^
in any case, i added the trailers now to my branches and
if i should need to send another version, it's included.
If not, feel free to add the necessary trailers ;)
>
>> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
>> ---
>> new in v3
>> src/PVE/JSONSchema.pm | 8 ++++++++
>> src/PVE/RESTEnvironment.pm | 14 ++++++++++++++
>> 2 files changed, 22 insertions(+)
>>
>> diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
>> index c6e0f36..8278899 100644
>> --- a/src/PVE/JSONSchema.pm
>> +++ b/src/PVE/JSONSchema.pm
>> @@ -1850,6 +1850,14 @@ my $method_schema = {
>> description => "Method needs special privileges - only pvedaemon can execute it",
>> optional => 1,
>> },
>> + expose_credentials => {
>> + type => 'boolean',
>> + description => "Method needs access to the connecting users credentials (ticker or"
>> + . " token), so it will be exposed through the RPC environment. Useful to avoid"
>> + . " setting 'protected' when one needs to (manually) proxy to other cluster nodes."
>> + . " nodes in the handler.",
>> + optional => 1,
>> + },
>> allowtoken => {
>> type => 'boolean',
>> description => "Method is available for clients authenticated using an API token.",
>> diff --git a/src/PVE/RESTEnvironment.pm b/src/PVE/RESTEnvironment.pm
>> index 7695850..d597557 100644
>> --- a/src/PVE/RESTEnvironment.pm
>> +++ b/src/PVE/RESTEnvironment.pm
>> @@ -235,6 +235,20 @@ sub get_user {
>> die "user name not set\n";
>> }
>>
>> +sub set_credentials {
>> + my ($self, $credentials) = @_;
>> +
>> + $self->{credentials} = $credentials;
>> +}
>> +
>> +sub get_credentials {
>> + my ($self, $noerr) = @_;
>> +
>> + return $self->{credentials} if defined($self->{credentials}) || $noerr;
>> +
>> + die "credentials not set\n";
>> +}
>> +
>> sub set_u2f_challenge {
>> my ($self, $challenge) = @_;
>>
>
More information about the pve-devel
mailing list